ComboFix 11-10-24.02 - Krzysztof 2011-10-24 16:04:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3037.2371 [GMT 2:00]
Uruchomiony z: d:\documents and settings\Krzysztof\Moje dokumenty\Pobieranie\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Krzysztof\beep.exe
d:\documents and settings\Krzysztof\Dane aplikacji\cacaoweb
d:\documents and settings\Krzysztof\Dane aplikacji\cacaoweb\errorlog.txt
d:\documents and settings\Krzysztof\Dane aplikacji\cacaoweb\npdfile.dat
d:\documents and settings\Krzysztof\Dane aplikacji\cacaoweb\replicating26738AE47C5131AD7EBE739AFFA5E9DB.cacao
d:\documents and settings\Krzysztof\Dane aplikacji\cacaoweb\replicatingCF125E3C0026C6280ED5930DC7004A95.cacao
d:\documents and settings\Krzysztof\Dane aplikacji\cacaoweb\replicatingD94BC24CD7FF59B6B73ED904B46DCADA.cacao
d:\documents and settings\Krzysztof\Dane aplikacji\cacaoweb\storage.db
d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Skype\Phone\Skype.exe
d:\program files\cacaoweb
d:\program files\cacaoweb\cacaoweb.exe
d:\windows\pkunzip.pif
d:\windows\pkzip.pif
d:\windows\system32\d3d9caps.dat
d:\windows\system32\server.log
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-24 do 2011-10-24 )))))))))))))))))))))))))))))))
.
.
2011-10-24 14:13 . 2011-10-24 14:13 -------- d-----w- d:\windows\system32\xircom
2011-10-24 14:13 . 2011-10-24 14:13 -------- d-----w- d:\windows\system32\wbem\snmp
2011-10-24 14:13 . 2011-10-24 14:13 -------- d-----w- d:\program files\microsoft frontpage
2011-10-23 18:07 . 2011-10-23 18:07 -------- d-----w- d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Deployment
2011-10-20 15:04 . 2011-10-20 15:04 -------- d-----w- D:\ckis
2011-10-20 14:44 . 2011-10-24 14:14 8766496 --sha-w- d:\windows\system32\drivers\fidbox.dat
2011-10-20 14:44 . 2011-10-24 14:14 393504 --sha-w- d:\windows\system32\drivers\fidbox2.dat
2011-10-18 21:01 . 2011-10-18 21:01 -------- d-----w- d:\program files\Kaspersky Lab
2011-10-18 20:37 . 2011-10-18 20:37 388096 ----a-r- d:\documents and settings\Krzysztof\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-18 20:37 . 2011-10-18 20:37 -------- d-----w- d:\program files\Trend Micro
2011-10-18 19:32 . 2011-10-18 19:32 -------- d-----w- d:\program files\Zend
2011-10-18 19:31 . 2005-04-27 16:02 749568 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-10-18 19:31 . 2005-04-27 16:00 180224 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-10-18 19:31 . 2005-04-27 16:00 69715 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-10-18 19:31 . 2005-04-27 16:00 274432 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-10-18 19:31 . 2004-10-22 00:16 5632 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-10-18 19:31 . 2011-10-18 19:31 323716 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-10-18 19:31 . 2011-10-18 19:31 192644 ----a-w- d:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-10-17 19:17 . 2011-10-17 19:17 -------- d-----w- d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\SocialSubmitter2Demo
2011-10-17 19:17 . 2011-10-17 19:17 -------- d-----w- d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Seo_Dev_Group
2011-10-17 19:16 . 2011-10-17 19:16 -------- d-----w- d:\program files\SocialSubmitter2Demo
2011-10-15 19:18 . 2011-10-15 19:18 -------- d-----w- d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\ArGo_Software_Design
2011-10-15 15:03 . 2011-10-15 15:03 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\ArGoSoft
2011-10-15 15:03 . 2011-10-15 15:03 -------- d-----w- d:\program files\ArGo Software Design
2011-10-11 19:01 . 2011-10-11 19:09 -------- d-----w- D:\predkosc
2011-10-08 17:11 . 2011-10-08 17:11 -------- d-----w- d:\program files\HEXwrite
2011-10-08 17:11 . 1997-12-12 20:31 94720 ----a-w- d:\windows\system32\splitter.ocx
2011-10-08 16:44 . 2011-10-08 16:44 -------- d-----w- d:\documents and settings\Krzysztof\.idgloader
2011-10-08 13:41 . 2011-10-08 13:41 -------- d-----w- d:\documents and settings\Krzysztof\Dane aplikacji\MAGIX
2011-10-08 13:39 . 2011-10-08 13:39 -------- d-----w- d:\program files\MAGIX
2011-10-08 13:38 . 2011-10-08 13:39 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\MAGIX
2011-10-08 13:38 . 2011-10-08 13:38 -------- d-----w- d:\program files\Common Files\MAGIX Services
2011-10-04 16:37 . 2008-09-25 15:35 181120 ----a-w- d:\windows\system32\drivers\ext2fs.sys
2011-10-04 16:37 . 2008-08-28 20:45 51072 ----a-w- d:\windows\system32\drivers\ifsmount.sys
2011-10-04 16:37 . 2007-12-16 16:27 74752 ----a-w- d:\windows\system32\ifsdrives.cpl
2011-10-04 16:37 . 2008-07-26 21:56 210432 ----a-w- d:\windows\system32\ifsdrives.dll
2011-10-03 13:54 . 2011-10-03 13:55 -------- d-----w- d:\program files\Cheat Engine 6.1
2011-10-01 22:35 . 2011-10-01 22:35 -------- d-----w- D:\GDict_v2.0
2011-10-01 18:23 . 2011-10-01 22:03 -------- d-----w- d:\documents and settings\Krzysztof\VirtualBox VMs
2011-10-01 18:22 . 2011-10-23 07:20 -------- d-----w- d:\documents and settings\Krzysztof\.VirtualBox
2011-10-01 18:20 . 2011-08-15 13:06 158512 ----a-w- d:\windows\system32\drivers\VBoxDrv.sys
2011-10-01 18:20 . 2011-08-15 13:06 82736 ----a-w- d:\windows\system32\drivers\VBoxUSB.sys
2011-10-01 18:20 . 2011-08-15 13:06 90928 ----a-w- d:\windows\system32\drivers\VBoxUSBMon.sys
2011-10-01 18:20 . 2011-10-01 18:20 -------- d-----w- d:\program files\Oracle
2011-10-01 11:50 . 2007-10-08 17:13 262144 ----a-w- d:\windows\system32\wnicapi.dll
2011-10-01 11:50 . 2005-10-27 06:55 49152 ----a-w- d:\windows\system32\JJAKEn.dll
2011-10-01 11:50 . 2005-12-13 08:38 48128 ----a-w- d:\windows\system32\ANIO64.sys
2011-10-01 11:43 . 2007-11-02 18:09 679936 ----a-w- d:\windows\system32\ANIWZCS2.dll
2011-10-01 11:43 . 2007-08-20 15:41 233472 ----a-w- d:\windows\system32\WlanApp.dll
2011-10-01 11:43 . 2007-05-12 11:33 217088 ----a-w- d:\windows\system32\aIPH.dll
2011-10-01 11:43 . 2006-09-26 11:49 45115 ----a-w- d:\windows\system32\ANICtl.dll
2011-10-01 11:43 . 2005-10-19 16:19 49152 ----a-w- d:\windows\system32\AQCKGen.dll
2011-10-01 11:43 . 2005-10-19 16:19 1327189 ----a-w- d:\windows\system32\odSupp_M.dll
2011-10-01 11:43 . 2004-06-28 12:54 212992 ----a-w- d:\windows\system32\wlanapi.dll
2011-10-01 11:43 . 2011-10-01 11:43 -------- d-----w- d:\program files\ANI
2011-10-01 11:43 . 2005-12-11 09:55 28195 ----a-w- d:\windows\system32\ANIO.sys
2011-10-01 11:43 . 2005-10-21 13:56 36864 ----a-w- d:\windows\system32\ANIOApi.dll
2011-10-01 11:43 . 2004-10-14 08:29 16997 ----a-w- d:\windows\system32\ANIO.VXD
2011-10-01 11:43 . 2004-10-14 08:29 11904 ----a-w- d:\windows\system32\anio4.sys
2011-09-27 14:23 . 2011-09-27 14:27 -------- d-----w- d:\program files\Kalendarz
2011-09-25 20:08 . 2011-09-25 20:08 -------- d-----w- d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Ares
2011-09-25 20:08 . 2011-09-25 20:08 -------- d-----w- d:\program files\Ares
2011-09-25 15:13 . 2011-09-25 15:13 -------- d--h--r- d:\documents and settings\Krzysztof\Dane aplikacji\SecuROM
2011-09-25 14:55 . 2011-09-25 15:15 -------- d-----w- d:\program files\Cyanide
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-17 09:24 . 2011-03-07 21:35 348256 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2011-09-17 09:22 . 2011-03-07 21:35 348256 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2011-09-12 14:38 . 2011-06-13 17:18 544656 ----a-w- d:\windows\system32\deployJava1.dll
2011-09-12 14:38 . 2011-06-13 17:18 128000 ----a-w- d:\windows\system32\javacpl.cpl
2011-08-16 05:01 . 2011-05-14 11:19 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-15 13:06 . 2011-08-15 13:06 116016 ----a-w- d:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 13:06 . 2011-08-15 13:06 104752 ----a-w- d:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 13:06 . 2011-08-15 13:06 135472 ----a-w- d:\windows\system32\VBoxNetFltNobj.dll
2011-10-03 17:29 . 2011-03-29 17:41 134104 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-06-30 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . d:\windows\system32\drivers\tcpip.sys
.
[-] 2009-06-30 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . d:\windows\system32\mshtml.dll
.
[-] 2009-06-30 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . d:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^hpzrcv01.LNK]
path=d:\documents and settings\All Users\Menu Start\Programy\Autostart\hpzrcv01.LNK
backup=d:\windows\pss\hpzrcv01.LNKCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^Krzysztof^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=d:\documents and settings\Krzysztof\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=d:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^Krzysztof^Menu Start^Programy^Autostart^FancyStart daemon.lnk]
path=d:\documents and settings\Krzysztof\Menu Start\Programy\Autostart\FancyStart daemon.lnk
backup=d:\windows\pss\FancyStart daemon.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-11-11 11:48 870400 ----a-w- d:\program files\ALLPlayer\ALLUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 09:49 49152 ----a-w- d:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 11:29 395144 ----a-w- d:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- d:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2007-11-30 09:20 51768 ----a-w- d:\program files\ASUS\ASUS Live Update\ALU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2010-08-31 12:24 319574 ----a-w- d:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-02-24 17:45 1771320 ----a-w- d:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-15 12:00 15360 ----a-w- d:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2004-07-09 13:07 1249280 ----a-w- d:\program files\D-Link\AirPlus G\AirGCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG DWL-G122]
2008-01-02 10:04 1552384 ----a-w- d:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-25 23:01 437160 ----a-w- d:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-03-30 07:34 418816 ----a-w- d:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- d:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-10-14 15:37 110592 ----a-w- d:\windows\ATK0100\HControl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-04-22 13:13 163328 ----a-w- d:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-08-22 08:01 593920 ----a-w- d:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-04-22 13:13 129536 ----a-w- d:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-05-16 09:58 213936 ----a-w- d:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-15 12:00 171520 ----a-w- d:\windows\pchealth\helpctr\binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 21:51 1695232 ------w- d:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2010-05-25 17:16 619008 ----a-w- d:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-04-22 13:12 138752 ----a-w- d:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
2006-07-26 16:01 90112 ----a-w- d:\program files\ASUS\Power4 Gear\BatteryLife.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 3]
2009-09-15 16:34 1593344 ----a-w- d:\program files\ASUS\Wireless Console 3\wcourier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"srservice"=2 (0x2)
"helpsvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
"GFI LANguard N.S.S. 5.0 attendant service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"rpcapd"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"BsMobileCS"=2 (0x2)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"ANIWZCSdService"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Samsung UPD Service"=3 (0x3)
"PassThru Service"=2 (0x2)
"gfi_lanss9_attservice"=2 (0x2)
"FirebirdServerMAGIXInstance"=3 (0x3)
"Fabs"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\WINDOWS\\system32\\SUPDSvc.exe"=
"d:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"EasyWebCam from UK Software"= d:\program files\Easy Web Cam\easywebcam.exe
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Documents and Settings\\Krzysztof\\Ustawienia lokalne\\Dane aplikacji\\Programs\\Opera\\opera.exe"=
"d:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\xampp\\MercuryMail\\mercury.exe"=
"d:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\GFI\\LANguard 9\\languard.exe"=
"d:\\Program Files\\WinPcap\\rpcapd.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"d:\\Documents and Settings\\Krzysztof\\Pulpit\\JAVA - Szkola\\eclipse\\eclipse.exe"=
"d:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"d:\\Program Files\\Cyanide\\Blood Bowl Legendary Edition\\BB_LE.exe"=
"d:\\Program Files\\Cyanide\\Blood Bowl Legendary Edition\\Autorun\\Exe\\Autorun.exe"=
"d:\\Program Files\\Ares\\Ares.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25565:TCP"= 25565:TCP:minecraft
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 BtHidBus;Bluetooth HID Bus Service;d:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20104]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [2011-02-27 691696]
R1 Ext2fs;Ext2fs;d:\windows\system32\drivers\ext2fs.sys [2011-10-04 181120]
R1 IfsMount;IfsMount;d:\windows\system32\drivers\ifsmount.sys [2011-10-04 51072]
R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2010-06-09 11352]
R1 VBoxDrv;VirtualBox Service;d:\windows\system32\drivers\VBoxDrv.sys [2011-10-01 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;d:\windows\system32\drivers\VBoxUSBMon.sys [2011-10-01 90928]
R2 ArGoSoftMailServerNet;ArGoSoft Mail Server for .NET;d:\program files\ArGo Software Design\ArGoSoft Mail Server .NET\AGMSService.exe [2011-10-08 53248]
R2 cpuz135;cpuz135;d:\windows\system32\drivers\cpuz135_x32.sys [2011-05-15 21992]
R2 Fabs;FABS - Helping agent for MAGIX media database;d:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 TabletServicePen;TabletServicePen;d:\program files\Tablet\Pen\Pen_Tablet.exe [2011-03-12 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;d:\program files\Tablet\Pen\Pen_TouchService.exe [2011-03-12 416112]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;d:\windows\system32\drivers\btcombus.sys [2010-08-26 22024]
R3 btnetBUs;Bluetooth PAN Bus Service;d:\windows\system32\drivers\btnetBus.sys [2008-12-07 25864]
R3 ETD;ELAN PS/2 Port Input Device;d:\windows\system32\drivers\ETD.sys [2011-02-27 129024]
R3 IvtBtBUs;IVT Bluetooth Bus Service;d:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 23048]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;d:\windows\system32\drivers\VBoxNetAdp.sys [2011-08-15 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;d:\windows\system32\drivers\VBoxNetFlt.sys [2011-08-15 116016]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;d:\windows\system32\drivers\viahduaa.sys [2011-02-27 1057280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Usługa Google Update (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
S3 BTCOM;Bluetooth Serial port driver;d:\windows\system32\drivers\btcomport.sys [2010-08-26 25992]
S3 cpudrv;cpudrv;d:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
S3 CRFILTER;USB Mass Storage Filter;d:\windows\system32\drivers\CRFILTER.sys [2008-04-07 6656]
S3 gupdatem;Usługa Google Update (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 136176]
S3 HTCAND32;HTC Device Driver;d:\windows\system32\drivers\ANDROIDUSB.sys [2011-09-12 24576]
S3 htcnprot;HTC NDIS Protocol Driver;d:\windows\system32\drivers\htcnprot.sys [2010-06-22 21248]
S3 RAMDiskXP;RAMDiskXP;d:\windows\system32\Drivers\RAMDiskXP.sys --> d:\windows\system32\Drivers\RAMDiskXP.sys [?]
S3 VBoxUSB;VirtualBox USB;d:\windows\system32\drivers\VBoxUSB.sys [2011-10-01 82736]
S3 wacmoumonitor;Wacom Mode Helper;d:\windows\system32\drivers\wacmoumonitor.sys [2011-03-12 16240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 BsMobileCS;BsMobileCS;d:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2010-08-31 147563]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S4 gfi_lanss9_attservice;GFI LANguard 9 Attendant Service;d:\program files\GFI\LANguard 9\lnssatt.exe [2010-05-20 329072]
S4 PassThru Service;Internet Pass-Through Service;d:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S4 Samsung UPD Service;Samsung UPD Service;d:\windows\system32\SUPDSvc.exe [2011-03-02 131888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-10-24 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 09:06]
.
2011-10-24 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 09:06]
.
2011-10-24 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-1801674531-1003Core.job
- d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-03-14 19:08]
.
2011-10-24 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-1801674531-1003UA.job
- d:\documents and settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-03-14 19:08]
.
2011-10-24 d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Skan uzupełniający -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\documents and settings\Krzysztof\Dane aplikacji\Mozilla\Firefox\Profiles\j6ofo4wc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.pl/#hl=pl&source=hp&biw=1336&bih=605&q=
.
.
------- Skojarzenia plików -------
.
.txt=Notepad++_file
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-AVP - d:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
MSConfigStartUp-cacaoweb - d:\program files\cacaoweb\cacaoweb.exe
MSConfigStartUp-Google Update - d:\program files\Google\Google_update.exe
MSConfigStartUp-Microsoft Firewall 2 - d:\documents and settings\Krzysztof\Dane aplikacji\WMPRWISE.EXE
MSConfigStartUp-Vulcan Update Tool - d:\temp\vaulcanAuthWND\vulcanAuthWND.exe
AddRemove-Qt SDK 2010.05 - C:_Qt_2010.05 - c:\qt\2010.05\uninst.exe
AddRemove-Quake2UninstallKey - d:\quake\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-24 16:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\{80931a9f5e5146ffebc38bc8d3faec28}*jopa]
"00"="ExeMsr09s9IcZB2R5sCipBVqV0CHXTavs3xyRsytHJY="
.
[HKEY_USERS\S-1-5-21-1214440339-2052111302-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:6a,b6,fc,83,8a,af,8f,b1,24,43,e1,41,c6,7f,3d,62,29,a2,96,02,d6,
   a3,d2,1f,18,68,9b,db,88,9e,a2,55,59,16,54,85,76,97,5e,06,82,bb,29,79,51,2f,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1428)
d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
- - - - - - - > 'lsass.exe'(1484)
d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
.
- - - - - - - > 'explorer.exe'(1932)
d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
d:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
d:\windows\system32\msi.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\BsMobileSDK.dll
d:\windows\system32\BsLangInDepRes.dll
d:\windows\system32\Bs2Res.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\program files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
d:\program files\Common Files\Corel\Shared\Shell Extension\FileInfoProvider.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\program files\Tablet\Pen\Pen_TouchUser.exe
d:\program files\Common Files\Protexis\License Service\PsiService_2.exe
d:\program files\Tablet\Pen\Pen_TabletUser.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2011-10-24 16:21:05 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-10-24 14:21
.
Przed: 78 185 144 320 bajtów wolnych
Po: 79 093 198 848 bajtów wolnych
.
- - End Of File - - 6A7E988937250D809260EB0E6D40AD81